Beware the link shorteners -- or at least, be aware of the risks

There's chatter in various forums suggesting that Gmail is blocking or filtering or spam foldering email messages that contain references to the Bitly URL shortener's primary domain. My own very non-scientific testing suggested that references to the Bitly shortener could make an email message go to the spam folder, but I also saw reasonably compelling evidence that it was causing blocking or deferrals in some cases.

An issue like that has the potential to cause a lot of false positive (messages that aren't spam being treated as spam), but I imagine that there are smart folks working on resolving the issue. But allow me to use this as an excuse to talk a bit more about what this issue is and how it can happen.

Why does this happen? If you've been sending email for a while, you might know about the concept of IP reputation. Whether or not an ISP accepts your mail is often based on the reputation of your sending IP address. If too many past emails were reported as spammy, the ISP is less likely to put future emails from that IP address into the inbox. That's (a slightly oversimplified explanation of) IP reputation.

There is domain reputation, though, too. Domain reputation can apply to email messages in a couple of different ways.

First, domain reputation usually refers to identifying you as a sender based on your authenticated from address (with DKIM authentication) or your authenticated return-path domain (with SPF authentication). ISPs (especially Gmail) take note of whether or not lots of mail sent from those domains is wanted or unwanted. Do recipients interact with it at high volumes? That's good. Do recipients report it as spam in high numbers? That's bad.

But that's not what I'm talking about here. In this case, I'm talking about the reputation of domain names that appear in the body of your email message. ISPs watch to see if you include domain names in your email message that happen to also show up in lots of spam messages. If so, ISPs are more likely to block or filter messages just because they contain references to those domain names, considering them evidence of spam, because they show up in a lot of emails that are otherwise deemed to be spam.

How does this happen? You're not spamming, right? So it's not really your fault. It's because somebody else -- not you -- and maybe even multiple somebodies could be sending unsolicited email (spam) that includes Bitly links. 

What should you do? Try not to link to other people's domains in your email messages, if at all. As Mailkit's Jakub Olexa said to me on Twitter, "Avoiding URL shorteners in email should be a general rule." Sometimes you can't avoid it -- and that's okay. But avoid it when you can, to reduce that risk. And when you have to link, use your email platform's click tracking (click wrapping) domain, if possible. Even better, use a custom one that only shows up in your emails, if you can. Bitly and other URL shorteners offer custom domains, too. That way you wouldn't have to use a domain name that is also being used by other people.

Because it's all about reputational segmentation (a term I possibly just made up). Don't share resources that are also being used by spammers, because it can end up with you unfairly painted as a spammer. Whether that be your sending IP reputation, your sending domain reputation, or even the reputation of domain names in the body of your email messages. Sometimes you can't avoid sharing -- if you only send 10,000 email messages a month, you probably can't really get success sending that from a dedicated IP address -- so you have to be sharing a sending IP address with multiple other senders. But where you can eliminate that risk, you should.

No comments:

Post a Comment

Comments policy: Al is always right. Kidding, mostly. Be polite, and you're welcome to join in, even if it's a differing viewpoint.